Lumma Stealer spread via fake cracked software YT vids

Jan 10 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that doesn’t need a TV show to hold cybercriminals accountable for their actions 👀 #PostOfficeScandal 😲😢😡

Today’s hottest cybersecurity news stories:

  • ๐Ÿค โ€˜Lumma Stealerโ€™ spread via fake cracked software YT vids ๐ŸŽฅ

  • 🦃 Poorly secured MS SQL servers targeted by Turkish hackers 👨‍💻

  • 🌯 Babuk Tortilla ransomware foiled by newly-obtained decryptor 🎉

Lumma let you finish but Beyoncé had one of the best cracked software videos of ALL TIME 😂💀🙃 #Kanye

🚨 Alert: YouTube Videos Used to Spread Lumma Stealer Malware! 🚨

๐Ÿ” Fortinet FortiGuard Labs recently uncovered a rising threat where cybercriminals are exploiting YouTube to distribute Lumma, an information-stealing malware. ๐Ÿ‘พ These YouTube videos often focus on cracked software, luring users with installation guides and hidden malicious URLs. Beware of cracked versions of popular software like Vegas Pro!

How does it work? 💡

Users seeking cracked software on YouTube are directed to click a link in the video description, which leads to a fake installer hosted on MediaFire. The downloaded ZIP file contains a Windows shortcut (.lnk) disguised as the setup file. Opening that shortcut downloads a .NET loader from GitHub, which in turn loads Lumma Stealer and carries anti-virtual-machine and anti-debugging checks that make sandbox and debugger analysis harder.
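A defender-side triage check for the delivery stage described above, added here as an example; it is not code from the original post or from FortiGuard Labs. It builds a constructed ZIP in memory that carries a shortcut posing as an installer, then inspects every archive entry for the Windows Shell Link header and for installer-like or double-extension names. The file names, byte contents and word list are assumptions made for the example.

```python
import io
import zipfile
from typing import Dict, List

# Shell Link (.LNK) header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in little-endian GUID byte order.
LNK_HEADER = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")

# Words that make a shortcut look like the installer the victim expects (assumed list).
INSTALLER_WORDS = ("setup", "install", "crack", "keygen", "patch")

# Constructed sample archive modelled on the delivery described above: a shortcut
# posing as the setup file next to a harmless text file. None of these entries are
# real Lumma artefacts; the names and bytes are made up for this example.
SAMPLE_ENTRIES: Dict[str, bytes] = {
    "Vegas Pro 21 Setup.lnk": LNK_HEADER + b"\x00" * 56,
    "Setup.exe.lnk": LNK_HEADER + b"\x00" * 56,
    "readme.txt": b"Disable your antivirus before running the setup.\n",
    "notes.dat": LNK_HEADER + b"\x00" * 56,   # shortcut hiding behind a non-.lnk name
}


def build_sample_zip() -> bytes:
    """Write the constructed entries into an in-memory ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in SAMPLE_ENTRIES.items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_lnk(head: bytes) -> bool:
    """True if the first 20 bytes carry the Shell Link header size and CLSID."""
    return head[: len(LNK_HEADER)] == LNK_HEADER


def triage_archive(zip_bytes: bytes) -> List[Dict[str, object]]:
    """Flag archive entries that are Windows shortcuts dressed up as installers.

    Returns one finding per suspicious entry, in archive order, with the
    reasons it was flagged.
    """
    findings: List[Dict[str, object]] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            with zf.open(info) as fh:
                head = fh.read(len(LNK_HEADER))
            by_magic = is_lnk(head)
            by_ext = lower.endswith(".lnk")
            if not (by_magic or by_ext):
                continue
            reasons = ["windows-shortcut"]
            # Name without the .lnk suffix, so "Setup.exe.lnk" is judged as "setup.exe".
            stem = lower[:-4] if by_ext else lower
            if any(word in stem for word in INSTALLER_WORDS):
                reasons.append("installer-like-name")
            if stem.endswith((".exe", ".msi")):
                reasons.append("double-extension")
            if by_magic and not by_ext:
                reasons.append("lnk-header-without-lnk-extension")
            findings.append({"entry": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_archive(build_sample_zip()):
        print(f"{finding['entry']}: {', '.join(finding['reasons'])}")
```

Running the script prints one line per suspicious entry. The header test is what catches a shortcut stored under a misleading name such as notes.dat, which a check on the .lnk suffix alone would miss; in a download or mail gateway the same routine would run on the archive before it reaches the user.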

Lumma Stealer Capabilities 🔫

Written in C and available on underground forums since late 2022, the malware harvests sensitive data and sends it to an attacker-controlled server.

Broader Trend 🌍

This tactic follows a pattern where cybercriminals exploit YouTube for malware distribution, as seen in previous attacks delivering stealers, clippers, and crypto miners. Bitdefender also warned of stream-jacking attacks on YouTube, emphasising the need for vigilance.

Stay Safe 🛡️

Be cautious when navigating YouTube for cracked software, and avoid clicking on suspicious links. Keep your software updated, use reputable security software, and stay informed about emerging cyber threats. Together, we can create a safer digital environment! 💻🔒

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Hackers: SQL and Destroy! 🎯💥😬

๐Ÿ” Alert: Financially Motivated Campaign Targets Insecure MS SQL Servers! ๐Ÿ”

🌎 Poorly secured Microsoft SQL (MS SQL) servers are under fire in the U.S., European Union, and Latin American (LATAM) regions in an ongoing campaign dubbed RE#TURGENCE. 🎯 Researchers at Securonix warn of a dual threat: the sale of access to compromised hosts, or the delivery of ransomware payloads.

Attack Details 🔫

Turkish-origin actors brute-force credentials on exposed MS SQL servers and then use the xp_cmdshell stored procedure to run shell commands on the host. A PowerShell script fetches an obfuscated Cobalt Strike beacon payload, leading to the deployment of Mimic ransomware.

Post-Exploitation Toolkit 💼

The attackers employ AnyDesk for remote access, downloading tools like Mimikatz for credential harvesting and Advanced Port Scanner for reconnaissance. PsExec facilitates lateral movement.
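A detection sketch for the brute-force and xp_cmdshell stages described above, added here as an example and not code from the original post or from Securonix. It runs over constructed SQL Server ERRORLOG-style lines (the addresses, times and user names are made up), raises one alert when a single client address accumulates five failed logins inside a sixty-second window, and raises a second when the xp_cmdshell configuration option flips from 0 to 1, listing the clients already flagged for brute force. The thresholds and the exact message wording are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed ERRORLOG-style lines standing in for the campaign described above:
# a burst of failed 'sa' logins from one client, one stray failure from another,
# then xp_cmdshell being switched on. Addresses, times and users are made up.
SAMPLE_LOG = """\
2024-01-10 03:14:01.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-01-10 03:14:02.37 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-01-10 03:14:03.02 Logon       Login failed for user 'backup'. Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.7]
2024-01-10 03:14:03.58 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-01-10 03:14:04.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-01-10 03:14:05.14 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-01-10 03:14:06.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-01-10 03:15:02.20 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""

# timestamp, source column (Logon / spidNN), message
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+(\S+)\s+(.*)$")
FAILED_RE = re.compile(r"Login failed for user '([^']*)'.*\[CLIENT: ([0-9a-fA-F.:]+)\]")
XP_RE = re.compile(r"Configuration option 'xp_cmdshell' changed from (\d) to (\d)")


def analyze(lines: List[str], threshold: int = 5,
            window: timedelta = timedelta(seconds=60)) -> List[Dict[str, object]]:
    """Return alerts in log order: brute-force bursts, then xp_cmdshell enablement."""
    alerts: List[Dict[str, object]] = []
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)   # failure times per client
    seen_users: Dict[str, set] = defaultdict(set)            # user names tried per client
    open_alert: Dict[str, Dict[str, object]] = {}            # at most one alert per client

    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        source, message = m.group(2), m.group(3)

        failed = FAILED_RE.search(message)
        if failed:
            user, client = failed.groups()
            seen_users[client].add(user)
            q = recent[client]
            q.append(ts)
            while ts - q[0] > window:          # slide the window: drop old failures
                q.popleft()
            if len(q) >= threshold:
                alert = open_alert.get(client)
                if alert is None:
                    alert = {"type": "brute_force", "client": client,
                             "count": len(q), "first": q[0], "last": ts}
                    open_alert[client] = alert
                    alerts.append(alert)
                else:                           # keep counting once the burst is open
                    alert["count"] = int(alert["count"]) + 1
                    alert["last"] = ts
                alert["users"] = sorted(seen_users[client])
            continue

        changed = XP_RE.search(message)
        if changed and changed.group(2) == "1":
            alerts.append({"type": "xp_cmdshell_enabled", "time": ts, "spid": source,
                           "suspect_clients": sorted(open_alert)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(alert)
```

The xp_cmdshell message names the session (spid) but not the client address, so tying the two alerts to one intruder needs successful-login auditing enabled on the instance; with the default failed-logins-only setting the correlation stays at "a brute-forced client exists and xp_cmdshell was enabled shortly after", which is still worth paging on.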

OPSEC Blunder 🕵️

Securonix uncovered an Operational Security (OPSEC) misstep: monitoring clipboard activity revealed the threat actors' Turkish origins and the alias "atseverse," linked to a Steam profile and a Turkish hacking forum called SpyHack.

Security Advice 🚨

Avoid exposing critical servers directly to the internet. Strengthen your server security to prevent brute-force attacks from external networks.

Stay Informed, Stay Secure! 🔒👥💻

🎣 Catch of the Day!! 🌊🐟🦞

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can, and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Holy Guacamole! Thank Babuk for that! 🌮🥑🌯🌶️💀

๐Ÿ›ก๏ธ Decoding Babuk Tortilla: A Collaborative Cybersecurity Fiesta! ๐ŸŽ‰๐ŸŒฎ

🚨 In a nacho-ordinary victory against cyber threats, experts guac-ed up executable code to decrypt files hit by the notorious Babuk Tortilla ransomware variant! 💪🔓

Taco 'bout a Global Impact 🌍

This ransomware, which kicks like a mule and bites like a crocodile 🐊, gained notoriety in 2021, creating a bona fide salsa of chaos globally. 10 different cyber actors, nacho-average troublemakers, turned up the heat with the Babuk toolkit. Cisco Talos detected the Tortilla campaign in October 2021.

Decryptor Evolution 🐒

The Babuk Tortilla decryptor, born from leaked source code, got a guac-makeover by Avast Threat Labs. It's a necesito for recovering files spiced with Babuk variants.

User-Friendly Recovery 🚀

Avast's Babuk decryptor, as user-friendly as a burrito, lets even non-experts salsa their way to file recovery. Updated versions are ready for download. Hurray!

A Collaborative Triumph 🤝

Dutch Police, guided by Talos intel, apprehended the Babuk Tortilla threat actor. This victory is a tasty reminder of the power of guac-llaboration 😬 between law enforcement and cybersecurity entities.

¡Gracias Amigos! 👨🏽‍🌾

For those embroiled in the Tortilla ransomware mess, the updated Babuk decryptor is as welcome as an ice cold Corona on a hot summer’s day. FYI, it can be found on NoMoreRansom and Avast decryptors’ pages.

๐ŸŒ Together We Stand Against Cybercriminals! โœŠ๐Ÿ”๐Ÿ’ป Power To The People, Right On! โœŒ๏ธ๐ŸŽธ๐Ÿ™Œ

Always a pleasure to deliver some guac-tastic news… for once! 🙈 Stay safe, cyber squad! 🛡️🌮

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market, it's good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree 🐒🌴 with his stick and banana approach 🍌😁

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!
